3641 matches found

Packet Storm
added 2020/03/28 12:0 a.m. · 398 views

Webexcels Ecommerce CMS 2.x SQL Injection / Cross Site Scripting

Exploit Title: Webexcels Ecommerce CMS SQL Injection & XSS Vulnerability Google Dork: intext:intext:" By WEB EXCELS "+inurl:"?Id=" Date: 2020-03-27 Exploit Author: @ThelastVvV Vendor Homepage: https://www.webexcels.com/ Version: 2.x 2017,2018,2019,2020 Tested on: Ubuntu...

0.2 AI score
Exploits 0
Packet Storm
added 2020/03/24 12:0 a.m. · 138 views

SialWeb CMS eCommerce 1.0 / 1.1 Cross Site Scripting / SQL Injection

Exploit Title: SialWeb CMS SQL Injection & XSS Vulnerability Google Dork: intext:" By Sial Web" +inurl:/.php?id= Date: 2020-03-22 Exploit Author: @ThelastVvV Vendor Homepage: https://sialweb.net/ Tested on: Ubuntu --------------------------------------------------------- PoC 1: The remote sql...

0.3 AI score
Exploits 0
OSV
added 2020/03/12 2:15 p.m. · 2 views

CVE-2020-10456

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/trash-box.php by adding a question mark ? followed by the payload...

4.8 CVSS · 5.9 AI score · 0.00733 EPSS
Exploits 2 · References 2
Positive Technologies
added 2020/03/12 12:0 a.m. · 2 views

PT-2020-12126 · Chadha · Chadha Phpkb Standard Multi-Language

Name of the Vulnerable Software and Affected Versions: Chadha PHPKB Standard Multi-Language version 9 Description: The issue concerns the handling of URIs in admin/header.php, which allows for Reflected XSS attacks. This can be exploited by injecting arbitrary web script or HTML in...

4.8 CVSS · 5.2 AI score · 0.00733 EPSS
Exploits 2 · References 3
CNVD
added 2020/03/09 12:0 a.m. · 0 views

Code Execution Vulnerability in Crypto Game Box

Quick Play Game Box is a treasure trove of games for game lovers. A code execution vulnerability exists in Quick Play Game Box, which can be exploited by attackers to execute arbitrary code...

8 AI score
Exploits 0
Trellix
added 2020/02/19 12:0 a.m. · 12 views

Introduction and Application of Model Hacking

ARCHIVED STORY Introduction and Application of Model Hacking By Steve Povolny · February 19, 2020 Catherine Huang, Ph.D., and Shivangee Trivedi contributed to this blog. The term “Adversarial Machine Learning” AML is a mouthful! The term describes a research field regarding the study and design o...

0.4 AI score
Exploits 0
Trellix
added 2020/02/19 12:0 a.m. · 13 views

Introduction and Application of Model Hacking

ARCHIVED STORY Introduction and Application of Model Hacking By Steve Povolny · February 19, 2020 Catherine Huang, Ph.D., and Shivangee Trivedi contributed to this blog. The term “Adversarial Machine Learning” AML is a mouthful! The term describes a research field regarding the study and design o...

7.4 AI score
Exploits 0
Microsoft KB
added 2020/02/13 12:0 a.m. · 3 views

January 28, 2020—KB4532695 (OS Builds 18362.628 and 18363.628)

January 28, 2020—KB4532695 OS Builds 18362.628 and 18363.628 What's new for Windows 10, version 1909 and Windows 10, version 1903 release notes Windows 10, versions 1903 and 1909 share a common core operating system and an identical set of system files. As a result, the new features in Windows 10...

5.8 AI score
Exploits 0
BDU FSTEC
added 2020/02/11 12:0 a.m. · 4 views

The vulnerability of the Bitdefender BOX 2 device, related to errors in processing URL addresses via the API /api/download_image, allows a perpetrator to execute arbitrary commands on the target system.

The vulnerability of the Bitdefender BOX 2 device for protecting devices and gadgets is related to errors in processing URL addresses using the API /api/download_image. Exploiting this vulnerability allows a hacker to execute arbitrary commands on the target system by sending the malicious file...

8.1 CVSS · 8.1 AI score · 0.04234 EPSS
Exploits 1 · References 4 · Affected Software 1
CNVD
added 2020/02/11 12:0 a.m. · 1 views

Bitdefender BOX 2 Operating System Command Injection Vulnerability

Bitdefender BOX is a smart home security control device from the Romanian company Bitdefender. An operating system command injection vulnerability exists in Bitdefender BOX 2. The vulnerability arises from the failure of a network system or product to properly filter special characters, commands,...

9.8 CVSS · 8 AI score · 0.02074 EPSS
Exploits 0 · References 1
CNVD
added 2020/02/04 12:0 a.m. · 2 views

Logic Flaw Vulnerability in Guangdong Telecom's IPTV System

IPTV Converged Smart Set-Top Box is a set-top box device manufactured by Guangdong Telecom. A logic flaw vulnerability exists in Guangdong Telecom's IPTV system, which is exploited by attackers to bypass the payment page...

6.8 AI score
Exploits 0
CVE
added 2020/01/28 1:39 p.m. · 52 views

CVE-2019-17096

CVE-2019-17096 is a Bitdefender BOX 2 bootstrap command-injection vulnerability. In the bootstrap flow, the device fetches firmware/image data via /api/download_image, which uses get_image_url() to obtain a URL from the Nimbus server and then executes a curl command to download the image. The cod...

9.8 CVSS · 9.5 AI score · 0.02074 EPSS
Exploits 0 · References 1 · Affected Software 1
NVD
added 2020/01/27 10:15 p.m. · 10 views

CVE-2020-8090

The Username field in the Storage Service settings of A1 WLAN Box ADB VV2220v2 devices allows stored XSS after a successful Administrator login...

4.8 CVSS · 5 AI score · 0.00625 EPSS
Exploits 1 · References 1
CVE
added 2020/01/27 9:34 p.m. · 57 views

CVE-2020-8090

CVE-2020-8090: A1 WLAN Box ADB VV2220v2 devices are affected in the Storage Service’s Username field, where stored XSS can occur after a successful Administrator login. The issue is described as a stored cross-site scripting vulnerability impacting the Username field within the Storage Service se...

4.8 CVSS · 4.9 AI score · 0.00625 EPSS
Exploits 1 · References 1 · Affected Software 1
Cvelist
added 2020/01/27 9:34 p.m. · 20 views

CVE-2020-8090

The Username field in the Storage Service settings of A1 WLAN Box ADB VV2220v2 devices allows stored XSS after a successful Administrator login...

5 AI score · 0.00625 EPSS
Exploits 1 · References 1
OSV
added 2020/01/27 6:15 p.m. · 3 views

CVE-2019-17095

A command injection vulnerability has been discovered in the bootstrap stage of Bitdefender BOX 2, versions 2.1.47.42 and 2.1.53.45. The API method /api/download_image unsafely handles the production firmware URL supplied by remote servers, leading to arbitrary execution of system commands. In ord...

9.8 CVSS · 7.4 AI score · 0.04234 EPSS
Exploits 1 · References 3
NVD
added 2020/01/27 6:15 p.m. · 19 views

CVE-2019-17095

A command injection vulnerability has been discovered in the bootstrap stage of Bitdefender BOX 2, versions 2.1.47.42 and 2.1.53.45. The API method /api/download_image unsafely handles the production firmware URL supplied by remote servers, leading to arbitrary execution of system commands. In ord...

10 CVSS · 8.8 AI score · 0.04234 EPSS
Exploits 1 · References 3
Cvelist
added 2020/01/27 5:20 p.m. · 27 views

CVE-2019-17095 Bitdefender BOX 2 bootstrap download_image command injection vulnerability

A command injection vulnerability has been discovered in the bootstrap stage of Bitdefender BOX 2, versions 2.1.47.42 and 2.1.53.45. The API method /api/download_image unsafely handles the production firmware URL supplied by remote servers, leading to arbitrary execution of system commands. In ord...

8.1 CVSS · 9.8 AI score · 0.04234 EPSS
Exploits 1 · References 1
CVE
added 2020/01/27 5:20 p.m. · 62 views

CVE-2019-17095

CVE-2019-17095/17096 affect Bitdefender BOX 2 in bootstrap mode. The vulnerability stems from the bootstrap download_image path, where the device retrieves a firmware URL from nimbus.bitdefender.net via a JSON-RPC response and then shells out to curl/os.execute without validating the URL. This al...

10 CVSS · 9.3 AI score · 0.04234 EPSS
Exploits 1 · References 3 · Affected Software 1
OSV
added 2020/01/27 5:15 p.m. · 2 views

CVE-2019-17096

An OS Command Injection vulnerability in the bootstrap stage of Bitdefender BOX 2 allows the manipulation of the get_image_url function in special circumstances to inject a system command...

9.8 CVSS · 7.3 AI score · 0.02074 EPSS
Exploits 0 · References 1